MALICIOUS
174
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
The PDF file is identified as malicious by ClamAV and an ML classifier, and exhibits characteristics of a phishing lure. It contains a single image and minimal text, typical of a screenshot designed to hide clickable links. The presence of numerous external URIs, including one pointing to `druttle.ru`, suggests an attempt to redirect the user to a malicious site for credential harvesting or further exploitation.
Machine Learning
- Nyx PDF Classifier malicious score 0.8642
Heuristics 5
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LUREPDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 49 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://druttle.ru/strik?utm_term=how+to+calculate+income+after+taxes+in+texas
- http://pasendapp.online/922829217368h8ku.pdf
- https://zovipimisog.weebly.com/uploads/1/3/1/1/131163747/boludurez.pdf
- https://cdn.sqhk.co/xefilelo/gfYM0gg/high_mx_player_web_series_release_date.pdf
- https://cdn.sqhk.co/mizipudi/Y4OUYge/nfl_espn_news_and_rumors.pdf
- https://cdn.sqhk.co/jagibuvat/JjdTBTQ/55432846562.pdf
- https://nuzojumikosa.weebly.com/uploads/1/3/0/8/130814298/e52bd2e0921.pdf
- https://cdn.sqhk.co/noperizapewo/diejajj/lawavepavikit.pdf
- https://cdn.sqhk.co/tubadaluzafu/hfkhaij/8973370574.pdf
- http://supermagazforsale1.xyz/tesla_model_3_price_drop_2021_uk7uc1l.pdf
- https://cdn.sqhk.co/gujowaxexag/ijWicge/fm_5_star_coach_formula.pdf
- https://waxogisuges.weebly.com/uploads/1/3/0/7/130776632/ragor.pdf
- https://resagivet.weebly.com/uploads/1/3/1/3/131383325/5935043.pdf
- https://s3.amazonaws.com/povodijirig/jeep_wrangler_interior_parts.pdf
- https://77483064-5892-4b52-b419-66e751946b77.filesusr.com/ugd/ef7b09_bbdad4ed0c58479f81a7a31c3ee0d5db.pdf?index=true
- https://eeeff038-21f9-42a6-bde0-cd945221d618.filesusr.com/ugd/9dc459_465c1d149173447dac377346809240e8.pdf?index=true
- https://170a7d3c-74f0-42f5-9ead-98ae292a4922.filesusr.com/ugd/a18aa6_1ee7387392ac48b3ac56aefa6a09f3d1.pdf?index=true
- https://80c93ba6-74df-4afb-9852-3a83eaba20e3.filesusr.com/ugd/4cf28d_f66764ca53884f21af2360595004e0c8.pdf?index=true
- https://s3.amazonaws.com/nilafafakem/mr._coffee_steam_espresso_and_cappuccino_maker_-_bvmc-ecm17_instructions.pdf
- https://s3.amazonaws.com/popisiburewixuj/rekomendasi_browser_android_ringan.pdf
- https://a4edf7fa-b057-49b5-8014-e5fd436fbef3.filesusr.com/ugd/c8b2c5_9af2b6d013ee46eebc6bfe396a239551.pdf?index=true
- https://s3.amazonaws.com/tonemakopinibem/ganifudepojowesidenoboxip.pdf
Open this report in the interactive analyzer, or submit your own file for analysis.